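---
kind: pipeline
type: docker
name: code-quality

# Triggers for the quality-check pipeline
trigger:
  event:
    - push
    - pull_request

steps:
  # Python code quality checks.
  # NOTE(review): tool versions are installed unpinned (no ==), so results can
  # drift between runs; pin them or install from a requirements file.
  - name: python-lint
    image: python:3.11-slim
    commands:
      - cd backend
      - pip install flake8 pylint black isort
      - echo "Running flake8..."
      # Blocking: syntax errors and undefined names only
      - flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
      # Advisory (--exit-zero): style and complexity
      - flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
      - echo "Running pylint..."
      # `**/*.py` matches only one directory level in a POSIX shell (no globstar),
      # so enumerate files with find; `-r` skips pylint when nothing matches
      - find . -name '*.py' -print0 | xargs -0 -r pylint --exit-zero --max-line-length=127
      - echo "Checking code formatting with black..."
      - black --check --diff .
      - echo "Checking imports with isort..."
      - isort --check-only --diff .

  # JavaScript/React code quality checks.
  # Both checks are advisory (`|| true`): findings never fail the build.
  - name: frontend-lint
    image: node:18-alpine
    commands:
      - cd frontend
      - npm ci
      - echo "Running ESLint..."
      - npm run lint || true
      - echo "Checking code formatting..."
      - npx prettier --check "src/**/*.{js,jsx,ts,tsx,json,css,md}" || true

  # Python dependency and code security checks.
  # Every scanner runs with --exit-zero, so vulnerabilities and bandit
  # findings are reported but do not block the build.
  # NOTE(review): bandit-report.json is written but not published anywhere;
  # either upload it as an artifact or drop the JSON run.
  - name: python-security
    image: python:3.11-slim
    commands:
      - cd backend
      - pip install safety bandit
      - echo "Checking for known security vulnerabilities..."
      - safety check --file=requirements.txt --exit-zero
      - echo "Running bandit security linter..."
      - bandit -r . -f json -o bandit-report.json --exit-zero || true
      - bandit -r . --exit-zero

  # Node.js dependency security checks (advisory: `|| true`)
  - name: frontend-security
    image: node:18-alpine
    commands:
      - cd frontend
      - npm ci
      - echo "Running npm audit..."
      - npm audit --audit-level=moderate || true

---
kind: pipeline
type: docker
name: build-and-publish

# Triggers for the build pipeline.
# NOTE(review): confirm this pipeline actually runs for tag events given the
# branch filter below; deploy-production depends on it for tags.
trigger:
  event:
    - push
    - tag
  branch:
    - main
    - master
    - develop

# Depends on the quality-check pipeline
depends_on:
  - code-quality

steps:
  # Build and publish the Docker image
  - name: build-and-push
    image: plugins/docker
    settings:
      # Registry settings (replace with your own)
      registry: registry.example.com
      repo: registry.example.com/mc-panel
      # Image tags.
      # NOTE(review): DRONE_BRANCH values containing "/" are not valid Docker
      # tags; and with auto_tag enabled the plugin may override this list —
      # confirm which tags are actually pushed.
      tags:
        - latest
        - ${DRONE_COMMIT_SHA:0:8}
        - ${DRONE_BRANCH}
      # Automatic tagging when a git tag is pushed
      auto_tag: true
      auto_tag_suffix: ${DRONE_BUILD_NUMBER}
      # Dockerfile
      dockerfile: Dockerfile
      context: .
      # Credentials (configure in Drone secrets)
      username:
        from_secret: docker_username
      password:
        from_secret: docker_password
      # Build args (optional).
      # NOTE(review): the nested default in VERSION may not be supported by
      # Drone's substitution — confirm the rendered value.
      build_args:
        - BUILD_DATE=${DRONE_BUILD_CREATED}
        - VCS_REF=${DRONE_COMMIT_SHA}
        - VERSION=${DRONE_TAG:-${DRONE_BRANCH}}
    when:
      event:
        - push
        - tag

  # Scan the image for vulnerabilities (optional).
  # `--exit-code 0` makes the scan advisory: HIGH/CRITICAL findings are
  # printed but never fail the build.
  # NOTE(review): assumes the runner can pull from registry.example.com
  # without credentials; otherwise trivy needs registry auth.
  - name: scan-image
    image: aquasec/trivy
    commands:
      - trivy image --exit-code 0 --severity HIGH,CRITICAL registry.example.com/mc-panel:${DRONE_COMMIT_SHA:0:8}
    when:
      event:
        - push
        - tag
    depends_on:
      - build-and-push

  # Successful-build notification (optional).
  # Literal block (|) keeps each field on its own line in Slack; a folded
  # block (>) would collapse the message into a single line.
  # The image tag is the 8-char SHA prefix pushed above, so truncate here too.
  - name: notify-success
    image: plugins/slack
    settings:
      webhook:
        from_secret: slack_webhook
      channel: deployments
      username: drone
      template: |
        ✅ Build #{{build.number}} succeeded!
        Repository: {{repo.name}}
        Branch: {{build.branch}}
        Commit: {{build.commit}}
        Author: {{build.author}}
        Docker image: registry.example.com/mc-panel:{{truncate build.commit 8}}
    when:
      status:
        - success
      event:
        - push
        - tag
    depends_on:
      - build-and-push

  # Failure notification (optional)
  - name: notify-failure
    image: plugins/slack
    settings:
      webhook:
        from_secret: slack_webhook
      channel: deployments
      username: drone
      template: |
        ❌ Build #{{build.number}} failed!
        Repository: {{repo.name}}
        Branch: {{build.branch}}
        Commit: {{build.commit}}
        Author: {{build.author}}
        Link: {{build.link}}
    when:
      status:
        - failure
      event:
        - push
        - tag

---
kind: pipeline
type: docker
name: deploy-staging

# Staging deployment pipeline (optional)
trigger:
  event:
    - push
  branch:
    - develop

depends_on:
  - build-and-publish

steps:
  # Deploys whatever the compose file on the host references (`pull` then
  # `up -d`); this step does not pass the built image tag to the host.
  # NOTE(review): host key verification is not configured; consider the
  # plugin's `fingerprint` setting to pin the staging host key.
  - name: deploy-to-staging
    image: appleboy/drone-ssh
    settings:
      host:
        from_secret: staging_host
      username:
        from_secret: staging_username
      key:
        from_secret: staging_ssh_key
      port: 22
      script:
        - cd /opt/mc-panel
        - docker-compose pull
        - docker-compose up -d
        - docker-compose ps

---
kind: pipeline
type: docker
name: deploy-production

# Production deployment pipeline (tags only)
trigger:
  event:
    - tag
  ref:
    - refs/tags/v*

depends_on:
  - build-and-publish

steps:
  # Same pull/up flow as staging; the echoed DRONE_TAG is informational only —
  # the tag is not passed to the host, so the compose file decides what runs.
  # NOTE(review): consider the plugin's `fingerprint` setting to pin the
  # production host key.
  - name: deploy-to-production
    image: appleboy/drone-ssh
    settings:
      host:
        from_secret: production_host
      username:
        from_secret: production_username
      key:
        from_secret: production_ssh_key
      port: 22
      script:
        - cd /opt/mc-panel
        - docker-compose pull
        - docker-compose up -d
        - docker-compose ps
        - echo "Deployed version ${DRONE_TAG}"

  # Production deployment notification.
  # NOTE(review): with auto_tag the pushed image tag is derived from the git
  # tag (and suffixed with the build number), so `mc-panel:{{build.tag}}`
  # may not name an existing tag — confirm against the registry.
  - name: notify-production-deploy
    image: plugins/slack
    settings:
      webhook:
        from_secret: slack_webhook
      channel: deployments
      username: drone
      template: |
        🚀 Production deployment successful!
        Version: {{build.tag}}
        Repository: {{repo.name}}
        Author: {{build.author}}
        Docker image: registry.example.com/mc-panel:{{build.tag}}
    when:
      status:
        - success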